Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
added 2016/10/04 7:44 a.m.43 views

Updated freerdp packages fix security vulnerabilities

FreeRDP could crash due to a NULL or invalid pointer CVE-2013-4118, CVE-2013-4119...

7.5CVSS1.7AI score0.04327EPSS
Exploits0References5
Mageia
Mageia
added 2016/09/28 5:59 a.m.44 views

Updated wget packages fix security vulnerability

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource CVE-2016-4971. Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only CVE-2016-7098...

8.8CVSS5.5AI score0.45935EPSS
Exploits13References3
Mageia
Mageia
added 2016/09/28 5:59 a.m.33 views

Updated autotrace packages fix security vulnerability

autotrace failed to allocate sufficient memory to store the terminating NULL pointer in an array, causing an out of bounds write. CVE-2016-7392...

5.5CVSS3.4AI score0.01903EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/28 5:59 a.m.39 views

Updated pdns packages fix security vulnerability

PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes CVE-2016-5426. PowerDNS Authoritative Server does not properly handle dot inside labels CVE-2016-5427. These issues allow a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend ...

7.5CVSS1.6AI score0.62982EPSS
Exploits0References5
Mageia
Mageia
added 2016/09/28 5:59 a.m.31 views

Updated zookeeper packages fix security vulnerability

Lyon Yang discovered that the C client shells clist and climt of Apache Zookeeper were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur...

8.1CVSS4.8AI score0.07821EPSS
Exploits1References2
Mageia
Mageia
added 2016/09/28 5:59 a.m.49 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-2836...

8.8CVSS3.9AI score0.0289EPSS
Exploits0References4
Mageia
Mageia
added 2016/09/28 5:59 a.m.42 views

Updated graphicsmagick packages fix security vulnerability

A possible heap overflow of the EscapeParenthesis function CVE-2016-7447. The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU CVE-2016-7448. The TIFF reader had a bug...

9.8CVSS1.2AI score0.04021EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/28 5:59 a.m.39 views

Updated firefox/rootcerts/nss packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,...

9.8CVSS4.3AI score0.05037EPSS
Exploits0References4
Mageia
Mageia
added 2016/09/28 5:59 a.m.40 views

Updated gnutls packages fix security vulnerability

An issue was found in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid CVE-2016-7444...

7.5CVSS2.4AI score0.02437EPSS
Exploits0References4
Mageia
Mageia
added 2016/09/25 3:45 p.m.31 views

Applications using libtorrent-rasterbar are vulnerable to denial of service

Applications using libtorrent-rasterbar are vulnerable to denial of service. An attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses CVE-2016-7164...

7.5CVSS2.3AI score0.0262EPSS
Exploits0References3
Mageia
Mageia
added 2016/09/25 3:45 p.m.30 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

A write out-of-bounds parsing an ico file was found in gdk-pixbuf. A maliciously crafted file can cause the application to crash CVE-2016-6352. The gdk-pixbuf2.0 package has been updated to version 2.32.3 and patched to fix this issue, and a few other possible security issues...

7.5CVSS2.9AI score0.03855EPSS
Exploits1References4
Mageia
Mageia
added 2016/09/25 3:45 p.m.73 views

Updated php packages fix security vulnerabilities

Memory Corruption in During Deserialized-object Destruction CVE-2016-7411. Heap overflow in mysqlnd related to BIT fields CVE-2016-7412. wddxdeserialize use-after-free CVE-2016-7413. Out of bound when verify signature of zip phar in pharparsezipfile CVE-2016-7414. Missing locale length check in...

9.8CVSS2.6AI score0.11402EPSS
Exploits7References10
Mageia
Mageia
added 2016/09/25 3:45 p.m.40 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.6, which fixes several security issues where a malformed packet trace could cause it to crash, and fixes several other bugs as well. See the release notes for details...

5.9CVSS3.6AI score0.02652EPSS
Exploits0References9
Mageia
Mageia
added 2016/09/25 11:41 a.m.40 views

Updated libarchive packages fix security vulnerability

The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...

7.5CVSS2.4AI score0.04707EPSS
Exploits1References9
Mageia
Mageia
added 2016/09/23 8:57 p.m.45 views

Updated golang package fixes security vulnerability

Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...

8.1CVSS2.1AI score0.0522EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.52 views

Updated tomcat packages fix security vulnerability

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS2.3AI score0.50896EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.45 views

Updated curl packages fix security vulnerability

The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked and due to arithmetic in...

9.8CVSS0.5AI score0.11737EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.17 views

Updated libksba packages fix security vulnerability

It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to DoS. Moreover in libksba 1.3.4, allocated memory is uninitialized and could potentially contain sensitive data left in freed memory block...

4.5AI score
Exploits0References4
Mageia
Mageia
added 2016/09/21 8:38 p.m.36 views

Updated slock packages fix security vulnerability

The slock utility is susceptible to crash when verifying a password for a user without a valid shadow hash entry CVE-2016-6866...

7.5CVSS1.1AI score0.02893EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.46 views

Updated jsch packages fix security vulnerability

It was discovered that there was a path traversal vulnerability in jsch CVE-2016-5725...

5.9CVSS2.5AI score0.24143EPSS
Exploits3References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.46 views

Updated icu packages fix security vulnerability

Buffer overflow ICU in the ulocacceptLanguageFromHTTP function CVE-2016-6293...

9.8CVSS3.8AI score0.04957EPSS
Exploits1References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.43 views

Updated chromium-browser-stable packages fix security vulnerability

Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS." CVE-2016-5147 Cross-site scripting XSS...

8.8CVSS4AI score0.04702EPSS
Exploits0References4
Mageia
Mageia
added 2016/09/21 8:38 p.m.44 views

Updated nodejs packages fix security vulnerability

Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution CVE-2016-1669. The primary npm registry has used HTTP bearer tokens to...

9.3CVSS2.9AI score0.04227EPSS
Exploits0References6
Mageia
Mageia
added 2016/09/21 8:38 p.m.25 views

Updated file-roller packages fix security vulnerability

It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory...

7.5CVSS2AI score0.03328EPSS
Exploits1References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.30 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.635 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an integer overflow vulnerability that could lead to code execution CVE-2016-4287. Th...

9.3CVSS3.1AI score0.19443EPSS
Exploits2References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.34 views

Updated jasper packages fix security vulnerability

A double-free issue in JasPer 1.900.1 in the jasperimagestopload function can cause a denial of service if a specially crafted JPEG image is loaded CVE-2015-5203. A use-after-free which leads to double-free vulnerability was found in Jasper JPEG-2000 library, in src/libjasper/mif/mifcod.c file...

5.5CVSS6.4AI score0.0219EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.32 views

Updated mediawiki packages fix security vulnerability

Check read permission when loading page content in ApiParse CVE-2016-6331 Make blocks log users out if $wgBlockDisablesLogin is true CVE-2016-6332 Make $wgBlockDisablesLogin also restrict logged in permissions CVE-2016-6332 Require login to preview user CSS pages CVE-2016-6333 Escape '' in inline...

7.5CVSS2.4AI score0.02133EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.32 views

Updated perl-DBD-mysql packages fix security vulnerability

Two use-after-free vulnerabilities were discovered in DBD::mysql. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql application crash, or potentially to execute arbitrary code with the privileges of the user running the...

10CVSS9.9AI score0.06026EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.15 views

Updated lcms2 packages fix security vulnerability

An out-of-bounds read in cmstypes.c in TypeMLURead function was found, leading to heap memory leak triggered by crafted ICC profile rhbz1367357...

1.5AI score
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.62 views

Updated dropbear packages fix security vulnerability

Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...

10CVSS1AI score0.10494EPSS
Exploits0References3
Mageia
Mageia
added 2016/09/16 9:27 a.m.42 views

Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

7.8CVSS4.6AI score0.00747EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.54 views

Updated openvpn packages fix security vulnerability

Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. Blowfish cipher as used in OpenVPN by default is vulnerable to this attack, that allows remote attacker to recove...

5.9CVSS4.1AI score0.0594EPSS
Exploits0References3
Mageia
Mageia
added 2016/09/16 9:27 a.m.30 views

Updated krb5 packages fix security vulnerability

The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NULL pointer dereference a...

6.5CVSS5.6AI score0.0462EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.35 views

Updated perl-XSLoader packages fix security vulnerability

An arbitrary code execution can be achieved if loading code from untrusted current working directory despite the '.' is removed from @INC. Vulnerability is in XSLoader that uses caller information to locate .so file to load. If malicious attacker creates directory named eval 1 with malicious bina...

7.8CVSS2.8AI score0.00787EPSS
Exploits1References2
Mageia
Mageia
added 2016/08/31 5:34 p.m.25 views

Updated eog packages fix security vulnerability

An out-of-bounds write vulnerability in eog was found when processing specially crafted SVG file. Due to passing the error message containing invalid UTF-8 character to GMarkup, out-of-bounds access is triggered CVE-2016-6855...

7.5CVSS2.6AI score0.18862EPSS
Exploits4References2
Mageia
Mageia
added 2016/08/31 5:34 p.m.44 views

Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTPPROXY” environmental variable based on the header value. When this variable is used in man...

6.1CVSS2AI score0.04526EPSS
Exploits0References4
Mageia
Mageia
added 2016/08/31 5:34 p.m.48 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.12.4, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.18843EPSS
Exploits4References8
Mageia
Mageia
added 2016/08/31 5:34 p.m.32 views

Updated redis packages fix security vulnerability

It was discovered that redis did not properly protect redis-cli history files; they were created by default with world-readable permissions CVE-2013-7458...

3.3CVSS1.4AI score0.00484EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.58 views

Updated ctdb packages fix security vulnerability

The kernel fix for CVE-2015-8543 uncovered a bug in ctdb, leading to broken clusters. The ctdb package has been patched to fix this issue...

7CVSS7.3AI score0.0122EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.35 views

Updated mupdf packages fix security vulnerability

A flaw was discovered in the pdfloadmeshparams function allowing out-of-bounds write access to memory locations. With carefully crafted input, that could trigger a heap overflow, resulting in application crash or possibly having other unspecified impact CVE-2016-6525. Also, mupdf already containe...

9.8CVSS2.3AI score0.03772EPSS
Exploits0References4
Mageia
Mageia
added 2016/08/31 3:32 p.m.32 views

Updated fontconfig packages fix security vulnerability

Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using...

7.8CVSS3.3AI score0.00403EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.40 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

10CVSS0.6AI score0.0475EPSS
Exploits0References28
Mageia
Mageia
added 2016/08/31 3:32 p.m.73 views

Updated openssh packages fix security vulnerability

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

7.8CVSS7.2AI score0.88944EPSS
Exploits17References4
Mageia
Mageia
added 2016/08/31 3:32 p.m.41 views

Updated python-django packages fix security vulnerability

It was discovered that Django is prone to a cross-site scripting vulnerability in the admin's add/change related popup CVE-2016-6186...

6.1CVSS1.2AI score0.05536EPSS
Exploits6References3
Mageia
Mageia
added 2016/08/31 3:32 p.m.83 views

Updated kernel-tmb packages fix security vulnerabilities

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS4AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
added 2016/08/31 3:32 p.m.37 views

Updated bsdiff packages fix security vulnerability

Integer signedness error in bspatch.c in bspatch in bsdiff allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file CVE-2014-9862...

7.8CVSS8.2AI score0.06762EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.39 views

Updated nettle/nettle2.7 packages fix security vulnerability

The cryptographic library nettle had a potential information leak problem reported. RSA code is vulnerable to cache sharing related attacks CVE-2016-6489...

7.5CVSS3.6AI score0.05007EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.41 views

Updated gnupg/libgcrypt packages fix security vulnerability

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output CVE-2016-6313. The gnupg package has been...

5.3CVSS1.5AI score0.03597EPSS
Exploits0References3
Mageia
Mageia
added 2016/08/31 3:32 p.m.21 views

Updated php packages fix security vulnerability

The php package has been updated to version 5.6.25, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.3AI score
Exploits0References2
Mageia
Mageia
added 2016/08/31 3:32 p.m.46 views

Updated curl packages fix security vulnerability

libcurl before 7.50.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous...

8.1CVSS1.2AI score0.15063EPSS
Exploits0References4
Total number of security vulnerabilities6011